Password check

I noticed that RT checks just the first 8 letters of the password.
To clarify, here is an example:
if my pass is:
12345678
I can write:
123456789
12345678dakjldasiwe
and log in properly

also if my pass is:
123456789
I can log in with 12345678

Is that a bug or am I missing something?

regards
Grega
Grega Milcinski
E-mail: grega.milcinski@s5.net

Assuming RT uses des-crypt for its passwords, then it's not a problem.
DES-Crypt only deals with the first eight bytes of a given password
string; the rest is thrown away. By the way, I think it's lame that RT
uses des-crypt passwords; it should use md5 or sha1. ;)

-Matt

On Wed, Feb 27, 2002 at 10:19:10PM +0100, Grega Milcinski wrote:

> I noticed that RT checks just the first 8 letters of the password.
> To clarify, here is an example:
> if my pass is:
> 12345678
> I can write:
> 123456789
> 12345678dakjldasiwe
> and log in properly
>
> also if my pass is:
> 123456789
> I can log in with 12345678
>
> Is that a bug or am I missing something?
>
> regards
> Grega
>
> Grega Milcinski
> E-mail: grega.milcinski@s5.net


rt-devel mailing list
rt-devel@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-devel

|+ Assuming RT uses des-crypt for its passwords, then it's not a problem.
|+ DES-Crypt only deals with the first eight bytes of a given password
|+ string; the rest is thrown away. By the way, I think it's lame that RT
|+ uses des-crypt passwords; it should use md5 or sha1. ;)

Supply a patch for RT that does md5 and/or sha1, and gives the user an
option within the config.pm to pick which crypt method to use.

Also, supply a program that would convert existing des-crypt to an
md5/sha1 password in the database :)

-darrin

> Supply a patch for RT that does md5 and/or sha1, and gives the user an
> option within the config.pm to pick which crypt method to use.

Yes, I could do that.

> Also, supply a program that would convert existing des-crypt to an
> md5/sha1 password in the database :)

I hope by the :) you are subtly implying that you understand that it's
not readily possible to go from a one-way hash back to the origin. Hence
the term 'one-way hash'.

-Matt

I could be easily convinced to move to storing md5 passwords as the default going
forward. IIRC, the reason that I picked des-crypt passwords was to ease transition
from other systems (*cough* bugzilla *cough*) which already used crypted passwords.

The only requirement would be that the new system be able to verify against
existing crypted passwords and, perhaps, replace them with md5ed passwords on
first login.

-j

On Wed, Feb 27, 2002 at 04:40:02PM -0500, Darrin Walton wrote:

> |+ Assuming RT uses des-crypt for its passwords, then it's not a problem.
> |+ DES-Crypt only deals with the first eight bytes of a given password
> |+ string; the rest is thrown away. By the way, I think it's lame that RT
> |+ uses des-crypt passwords; it should use md5 or sha1. ;)
>
> Supply a patch for RT that does md5 and/or sha1, and gives the user an
> option within the config.pm to pick which crypt method to use.
>
> Also, supply a program that would convert existing des-crypt to an
> md5/sha1 password in the database :)
>
> -darrin



http://www.bestpractical.com/products/rt – Trouble Ticketing. Free.
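The two technical points in this thread (DES-crypt only ever sees the first eight bytes of the password, and the proposed migration verifies a login against the existing crypted hash and replaces it with a stronger hash on first login) are shown together below. This is an added example, not RT's code and not the patch Darrin asked for. It assumes a plain dict stands in for the row in RT's user table, and it uses PBKDF2-HMAC-SHA256 in the "new scheme" slot rather than the raw md5/sha1 the thread mentions; the `$des-standin$` fallback is a constructed model of the eight-byte truncation used only when the interpreter has no `crypt(3)` binding (the Python `crypt` module was removed in 3.13), and it is not DES.

```python
"""DES-crypt truncation and upgrade-on-first-login (added example, not RT code)."""
import hashlib
import hmac
import os
import warnings

# Use the interpreter's crypt(3) binding for real DES-crypt hashes when it is
# available. Otherwise fall back to a constructed stand-in that models only
# the property under discussion: bytes past the eighth are ignored. The
# stand-in is NOT DES and is not compatible with hashes stored by RT.
try:
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        import crypt as _crypt  # deprecated in 3.11, removed in 3.13
    _probe = _crypt.crypt("probe", "ab")
    HAVE_DES_CRYPT = isinstance(_probe, str) and len(_probe) == 13
except Exception:  # ImportError, or a libc that refuses DES
    HAVE_DES_CRYPT = False

STANDIN_PREFIX = "$des-standin$"   # constructed marker, see above
PBKDF2_PREFIX = "$pbkdf2-sha256$"  # constructed storage format for the new scheme
PBKDF2_ROUNDS = 600_000            # tune for your hardware


def _standin_hash(password: str, salt: str) -> str:
    """Constructed stand-in: keep only the first 8 bytes, then salt and hash."""
    truncated = password.encode("utf-8")[:8]
    digest = hashlib.sha256(salt.encode("ascii") + truncated).hexdigest()
    return f"{STANDIN_PREFIX}{salt}${digest}"


def legacy_hash(password: str, salt: str = "ab") -> str:
    """Legacy (DES-crypt style) hash: only password[:8] influences the result."""
    if HAVE_DES_CRYPT:
        return _crypt.crypt(password, salt)
    return _standin_hash(password, salt)


def legacy_verify(stored: str, candidate: str) -> bool:
    """Check a candidate against a legacy hash, using the hash as its own salt."""
    if stored.startswith(STANDIN_PREFIX):
        salt = stored[len(STANDIN_PREFIX):].split("$", 1)[0]
        return hmac.compare_digest(_standin_hash(candidate, salt), stored)
    if not HAVE_DES_CRYPT:
        return False  # a real DES hash cannot be verified without crypt(3)
    result = _crypt.crypt(candidate, stored)
    return isinstance(result, str) and hmac.compare_digest(result, stored)


def modern_hash(password: str) -> str:
    """Salted, iterated hash over the whole password (no 8-byte limit)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return f"{PBKDF2_PREFIX}{PBKDF2_ROUNDS}${salt.hex()}${dk.hex()}"


def modern_verify(stored: str, candidate: str) -> bool:
    rounds, salt_hex, dk_hex = stored[len(PBKDF2_PREFIX):].split("$")
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)


def authenticate(record: dict, candidate: str) -> bool:
    """Verify against whichever scheme the record holds; upgrade legacy on success."""
    stored = record["password"]
    if stored.startswith(PBKDF2_PREFIX):
        return modern_verify(stored, candidate)
    if not legacy_verify(stored, candidate):
        return False
    # Legacy hash matched and we hold the cleartext right now, so this is the
    # only moment the one-way legacy hash can be replaced. Note that it is the
    # candidate that gets stored: a user who logs in with nine characters
    # against an eight-byte DES hash locks in all nine from here on.
    record["password"] = modern_hash(candidate)
    return True


if __name__ == "__main__":
    user = {"password": legacy_hash("12345678")}  # constructed sample row
    print("legacy scheme:", "DES-crypt" if HAVE_DES_CRYPT else "stand-in")
    print("legacy accepts 123456789:", legacy_verify(user["password"], "123456789"))
    print("first login upgrades:", authenticate(user, "12345678"), user["password"][:16])
    print("new scheme accepts 123456789:", authenticate(user, "123456789"))
```

The upgrade path only works at login time because, as Matt says in the thread, there is no way back from the stored hash to the password; any "conversion program" that runs over the database offline can at best tag rows as needing an upgrade.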

|+ > Also, supply a program that would convert existing des-crypt to an
|+ > md5/sha1 password in the database :)
|+
|+ I hope by the :) you are subtly implying that you understand that it's
|+ not readily possible to go from a one-way hash back to the origin. Hence
|+ the term 'one-way hash'.

Yes, I was :) That was why I put the ':)' there ;)

-darrin